Security
architecture.

In Transit

All connections use TLS 1.2+. API calls to AI providers, Stripe, and internal services are encrypted end-to-end. WebSocket connections to sandboxes use WSS.

At Rest

All stored data is encrypted at rest using AES-256. Sandbox volumes use encrypted storage. Payment data is handled by a PCI DSS Level 1 certified processor.

Agent Credentials

Channel credentials use AES-256-GCM, keyed per-user. API keys are stored as HMAC hashes. Never plaintext, never logged, never sent anywhere unintended.

Invite-enabled: Dedicated containers

• ✓Each user gets their own isolated container
• ✓Separate filesystem, process space, and network namespace
• ✓No shared memory or processes between users
• ✓Sandboxes stopped when inactive, started on demand
• ✓Agent tools confined to the sandbox

Base access: Shared infrastructure

• ◌Free users share API gateway infrastructure (no dedicated sandbox)
• ◌Conversations isolated per user via database security rules
• ◌No filesystem or tool access. Chat only.
• ◌Rate limited to prevent abuse (50 messages per day)

Database security rules

Every collection has explicit security rules. Users can only read and write their own data. Admin-only collections are inaccessible from the client.

• ◆User profile, config, API keys: read/write own data only
• ◆Conversations: read own, writes via server
• ◆Usage tracking: read own, write server-side only
• ◆Admin logs, system config: no client access

Your rights

• ✓Export: Download all your data from Settings
• ✓Delete: Clear history or delete your entire account
• ✓Inspect: Bot config files visible in your dashboard
• ✓Portable: Your agent config is standard markdown. Transfer to any OpenClaw instance.